Detecting Early Worm Propagation through Packet Matching. Chen, X. & Heidemann, J. Technical Report ISI-TR-2004-585, USC/Information Sciences Institute, February, 2004.

In this paper, we present DEWP, a router-based system designed to automatically detect and quarantine Internet worm propagation. DEWP detects worm probing traffic by matching destination port numbers between incoming and outgoing connections. This approach does not require knowledge of worm packet contents or profiles of normal traffic conditions; it can automatically detect and suppress worms due to their unusual traffic patterns. We describe how DEWP works and evaluate its performance with simulations. We study the speed of detection and the effectiveness of vulnerable host protection relative to factors including worm scanning techniques, DEWP deployment coverage and detection intervals. We also investigate false detections with network trace playback. We show that DEWP detects worm propagation within about 4 seconds. By blocking worm probing traffic automatically, DEWP can protect more than 99% hosts from random-scanning worms.
@TechReport{Chen04a,
author = "Xuan Chen and John Heidemann",
title = "Detecting Early Worm Propagation through Packet Matching",
institution = "USC/Information Sciences Institute",
year = 2004,
sortdate = "2004-02-01",
project = "ant, saman, conser",
jsubject = "network_security",
number = "ISI-TR-2004-585",
month = feb,
jlocation = "johnh: folder: xxx",
jlocation = "johnh: pafile",
keywords = "DEWP, worm propagation, NEWS",
url = "https://ant.isi.edu/%7ejohnh/PAPERS/Chen04a.html",
pdfurl = "https://ant.isi.edu/%7ejohnh/PAPERS/Chen04a.pdf",
copyrightholder = "authors",
myorganization = "USC/Information Sciences Institute",
abstract = "
In this paper, we present DEWP, a router-based system designed to
automatically detect and quarantine Internet worm propagation. DEWP
detects worm probing traffic by matching destination port numbers
between incoming and outgoing connections. This approach does not
require knowledge of worm packet contents or profiles of normal
traffic conditions; it can automatically detect and suppress worms due
to their unusual traffic patterns. We describe how DEWP works and
evaluate its performance with simulations. We study the speed of
detection and the effectiveness of vulnerable host protection relative
to factors including worm scanning techniques, DEWP deployment
coverage and detection intervals. We also investigate false detections
with network trace playback. We show that DEWP detects worm
propagation within about 4 seconds. By blocking worm probing traffic
automatically, DEWP can protect more than 99\% hosts from
random-scanning worms.
",
}